1 Answer
1

No - because SSL encapsulates the HTTP stream - the 2 nodes must already be speaking over SSL before the webserver finds out what page the client wants. And the SSL enabled socket must be listening before a client can connect to it - at which point you don't know what clients will connect.

know this can be done in nginx

wrong.

Neither enabling SSL for a specific URL or a specific client can be done because that's not how it works. You may as well ask why your car doesn't do 200mph and 400mpg.

You can firewall the port so that only specific IP addresses can connect - but that's a different semantic from what you asked.

You can choose to only make certain content available via the SSL virtual host.

If you drop it from high enough, you wil get that kind of performance from your car.

On nginx I had "allow 10.10.10.5; deny all;" under the ssl server config which seemed to do it. Or is this just imitating what a firewall would do? ... I thought that both the client and server can decrypt the data, it's just the guys in-between that can't as they don't have the correct cert... so why can't lighttpd use the ssl cert to decrypt the url?
–
MintFeb 9 '11 at 19:10